Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/f614ef-56ae-4ddf-a3fc-92995fcf57c6/1/kfUoGqSXXKSaS-PEIgtGaao6Ro0.roa
File:                     kfUoGqSXXKSaS-PEIgtGaao6Ro0.roa (raw, json)
Hash identifier:          LjonqlIQc85Yf1YLDViU9RKSdWSeDZPSWNCbM4dAk5I=
Subject key identifier:   91:F5:28:1A:A4:97:5C:A4:9A:4B:E3:C4:22:0B:46:69:AA:3A:46:8D
Certificate issuer:       /CN=f1750017dc0d936e9aa166931937df7892afe9f1
Certificate serial:       0198BA4DE6E998773F743A99B02C08854FBC
Authority key identifier: F1:75:00:17:DC:0D:93:6E:9A:A1:66:93:19:37:DF:78:92:AF:E9:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8XUAF9wNk26aoWaTGTffeJKv6fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/f614ef-56ae-4ddf-a3fc-92995fcf57c6/1/kfUoGqSXXKSaS-PEIgtGaao6Ro0.roa
Signing time:             Sun 17 Aug 2025 23:12:04 +0000
ROA not before:           Sun 17 Aug 2025 23:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205413
IP address blocks:        2001:67c:2a28::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/f614ef-56ae-4ddf-a3fc-92995fcf57c6/1/8XUAF9wNk26aoWaTGTffeJKv6fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/f614ef-56ae-4ddf-a3fc-92995fcf57c6/1/8XUAF9wNk26aoWaTGTffeJKv6fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8XUAF9wNk26aoWaTGTffeJKv6fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ba:4d:e6:e9:98:77:3f:74:3a:99:b0:2c:08:85:4f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1750017dc0d936e9aa166931937df7892afe9f1
        Validity
            Not Before: Aug 17 23:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91f5281aa4975ca49a4be3c4220b4669aa3a468d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1b:7e:88:dd:9b:b8:8a:54:aa:fc:10:3b:f3:
                    00:d4:3a:33:c4:5d:51:17:4a:19:4a:18:75:44:7e:
                    36:c1:b9:66:d6:03:bb:a1:a1:9e:b2:2e:20:57:c5:
                    b7:2e:80:b1:dc:8c:12:11:d1:db:5a:3d:01:84:57:
                    8c:22:77:9d:51:01:45:eb:0f:63:ff:a6:c6:67:5f:
                    89:4b:2f:15:67:39:ce:96:c3:5d:16:61:d7:1d:56:
                    d1:ff:be:3b:e3:dc:49:3b:1a:b2:b6:4b:dc:a1:60:
                    21:31:9c:a1:f8:fd:86:cd:5f:65:7b:30:a8:33:5a:
                    97:eb:a6:68:8d:5e:dd:5e:ee:b2:e3:90:a1:21:b1:
                    ea:ee:83:1d:75:98:fd:29:b5:e5:1a:b5:e2:e7:44:
                    2a:39:12:b6:8c:ba:8c:90:f3:20:b8:fd:5e:fd:16:
                    de:68:5d:ea:64:d6:96:69:48:bc:4c:4d:dc:c0:bc:
                    2e:b3:ef:86:d9:54:d3:40:f6:7e:33:8d:9c:8a:24:
                    91:17:2f:02:df:1e:6d:b2:ad:13:8f:e8:55:8d:44:
                    91:d6:16:55:cb:c7:08:96:45:f4:0a:3b:da:21:a8:
                    2a:19:18:3f:31:b6:94:d8:11:ff:3a:be:92:71:de:
                    31:6b:4b:f4:aa:13:0e:8a:cf:56:ef:39:3e:e0:a8:
                    d7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F5:28:1A:A4:97:5C:A4:9A:4B:E3:C4:22:0B:46:69:AA:3A:46:8D
            X509v3 Authority Key Identifier:
                keyid:F1:75:00:17:DC:0D:93:6E:9A:A1:66:93:19:37:DF:78:92:AF:E9:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8XUAF9wNk26aoWaTGTffeJKv6fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/f614ef-56ae-4ddf-a3fc-92995fcf57c6/1/kfUoGqSXXKSaS-PEIgtGaao6Ro0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/f614ef-56ae-4ddf-a3fc-92995fcf57c6/1/8XUAF9wNk26aoWaTGTffeJKv6fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2a28::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:41:71:ce:94:34:4c:24:f1:20:3c:37:9c:45:22:ce:85:82:
         6e:27:60:a2:84:e1:e8:c5:d6:c2:59:84:ed:00:e0:16:e9:bd:
         b7:cf:53:75:61:fb:e4:3f:06:60:d0:51:8b:ae:b2:16:7d:d7:
         d5:0b:63:d2:5f:d2:f1:f7:73:1c:3d:5e:68:e4:de:81:9d:bd:
         82:6a:62:52:60:ab:9f:d0:b0:a4:07:fc:0a:2a:ae:01:53:8f:
         38:b3:63:fa:46:b7:39:fa:03:a0:5c:af:12:29:2f:1f:80:e7:
         49:88:dd:b3:42:0b:3d:8b:ff:c2:7c:dc:f3:cc:80:f5:5b:bd:
         ee:bc:3f:62:98:9c:d4:d6:9d:b9:44:72:8f:2f:ec:24:92:12:
         5f:4a:91:23:27:d1:52:2b:88:4a:33:90:2f:47:00:8f:0d:3e:
         e8:34:ee:1f:b3:c9:50:1d:16:1c:94:78:ab:ed:c7:dd:a6:97:
         b0:66:07:69:71:aa:0f:39:f8:fd:45:41:7f:90:c1:90:00:de:
         3c:04:7e:71:39:09:c7:5b:c9:43:80:e3:c7:f7:a7:1a:2e:11:
         e8:d6:75:55:b5:94:40:38:be:f0:3b:2b:38:0f:29:1f:98:1d:
         ee:1d:ff:b0:82:97:16:6e:c6:ec:1c:da:3d:ae:05:96:fb:e8:
         8d:06:5b:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZi6TebpmHc/dDqZsCwIhU+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNzUwMDE3ZGMwZDkzNmU5YWExNjY5MzE5MzdkZjc4OTJh
ZmU5ZjEwHhcNMjUwODE3MjMxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY1MjgxYWE0OTc1Y2E0OWE0YmUzYzQyMjBiNDY2OWFhM2E0NjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBt+iN2buIpUqvwQO/MA1DozxF1R
F0oZShh1RH42wblm1gO7oaGesi4gV8W3LoCx3IwSEdHbWj0BhFeMInedUQFF6w9j
/6bGZ1+JSy8VZznOlsNdFmHXHVbR/74749xJOxqytkvcoWAhMZyh+P2GzV9lezCo
M1qX66ZojV7dXu6y45ChIbHq7oMddZj9KbXlGrXi50QqORK2jLqMkPMguP1e/Rbe
aF3qZNaWaUi8TE3cwLwus++G2VTTQPZ+M42ciiSRFy8C3x5tsq0Tj+hVjUSR1hZV
y8cIlkX0CjvaIagqGRg/MbaU2BH/Or6Scd4xa0v0qhMOis9W7zk+4KjX4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJH1KBqkl1ykmkvjxCILRmmqOkaNMB8GA1UdIwQY
MBaAFPF1ABfcDZNumqFmkxk333iSr+nxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFhVQUY5d05rMjZhb1dhVEdUZmZlSkt2NmZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9mNjE0ZWYtNTZhZS00ZGRmLWEzZmMt
OTI5OTVmY2Y1N2M2LzEva2ZVb0dxU1hYS1NhUy1QRUlndEdhYW82Um8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9mNjE0ZWYtNTZhZS00ZGRmLWEzZmMtOTI5OTVmY2Y1N2M2
LzEvOFhVQUY5d05rMjZhb1dhVEdUZmZlSkt2NmZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCoo
MA0GCSqGSIb3DQEBCwUAA4IBAQAqQXHOlDRMJPEgPDecRSLOhYJuJ2CihOHoxdbC
WYTtAOAW6b23z1N1YfvkPwZg0FGLrrIWfdfVC2PSX9Lx93McPV5o5N6Bnb2CamJS
YKuf0LCkB/wKKq4BU484s2P6Rrc5+gOgXK8SKS8fgOdJiN2zQgs9i//CfNzzzID1
W73uvD9imJzU1p25RHKPL+wkkhJfSpEjJ9FSK4hKM5AvRwCPDT7oNO4fs8lQHRYc
lHir7cfdppewZgdpcaoPOfj9RUF/kMGQAN48BH5xOQnHW8lDgOPH96caLhHo1nVV
tZRAOL7wOys4DykfmB3uHf+wgpcWbsbsHNo9rgWW++iNBlt6
-----END CERTIFICATE-----